
Pop Ups out of control

Discussion in 'Virus & Other Malware Removal' started by suzyqthebomb, Jul 18, 2007.

  1. suzyqthebomb

    suzyqthebomb Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    9
    I did the Panda ActiveScan and here are the results; it was too long, so I had to erase some cookies.


    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\USER\Application Data\winantiviruspro2006freeinstall[1].exe
    Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\Cookies\[email protected][1].txt
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\IExploreSkins.exe
    Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\p2psetup.exe
    Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\ss_cdt_setup.exe[² =.dll]
    Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\ss_cdt_setup.exe[offline.htm]
    Adware:Adware/WinTools Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\WinTools.exe
    Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\yazzlesnet.exe[¦++\Yazzle1281OinAdmin.exe]
    Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\USER\Local Settings\Temp\__unin__.exe
    Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\K1CHW50D\SystemDoctor2006FreeInstall[1].cab
    Adware:Adware/TTC Not disinfected C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\UVGDSZ67\tk58[1].exe
    Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\UVGDSZ67\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.exe]
    Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\UVGDSZ67\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.inf]
    Virus:Generic Malware Disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
    Potentially unwanted tool:Application/iWon Not disinfected C:\Program Files\Excite\PrvtMsgr\bin\x8Idle0.dll
    Virus:Generic Malware Disinfected C:\Program Files\Messenger\lavupa.dll
    Virus:Generic Malware Disinfected C:\Program Files\Messenger\lavupa119.dll
    Virus:Generic Malware Disinfected C:\Program Files\Messenger\lavupa612.dll
    Adware:Adware/GameAbyss Not disinfected C:\Program Files\SearchAssistant3\trendy_search.exe[trendy_search.dll]
    Adware:Adware/TTC Not disinfected C:\Program Files\WindowsUpdate\hoke83122.dll
    Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\bqyjtovm.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ejryesbg.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hdfaqwrn.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hgdeb.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ilqeoljr.dll.bad
    Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\iwqgadae.dll.bad
    Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\jxqjnvsa.dll.bad
    Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\kajmvytj.dll.bad
    Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\kqamrcmk.dll.bad
    Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\rxivncjq.dll.bad
    Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\wfspbvlf.dll.bad
    Adware:Adware/ActiveSearch Not disinfected C:\WINDOWS\b122.exe
    Adware:adware/ncase Not disinfected C:\WINDOWS\didduid.ini
    Adware:Adware/Zango Not disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
    Potentially unwanted tool:Application/iWon Not disinfected C:\WINDOWS\Downloaded Program Files\iwonslot1,0,2,5.inf
    Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\biini.inf
    Adware:Adware/WinTools Not disinfected C:\WINDOWS\Key2.txt
    Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_30.exe
    Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\offun.exe
    Adware:Adware/TTC Not disinfected C:\WINDOWS\system32\B0\mwspasrt83122.exe[TTC.dll]
    Virus:Generic Trojan Disinfected C:\WINDOWS\system32\B1\wr73.exe
    Virus:Trj/Downloader.PJT Disinfected C:\WINDOWS\system32\biynietc.exe
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\bxlhrcmb.exe
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\cmkfrmwf.exe
    Virus:Generic Malware Disinfected C:\WINDOWS\system32\drivers\core.sys
    Virus:Trj/Downloader.PJT Disinfected C:\WINDOWS\system32\fjropbam.exe
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gamjcokc.dll
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hgdeb.dll
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\inbavnbq.exe
    Virus:Generic Trojan Disinfected C:\WINDOWS\system32\KDP0db2.dll
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\khfdeee.dll
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\mhdfqxkj.exe
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\psfythlk.exe
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\swlftrxv.dll
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\txfqnrgg.exe
    Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wdknuuoo.dll
    Adware:Adware/Mirar Not disinfected C:\WINDOWS\system32\WinATS.dll
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\xkrwmjot.exe
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\xsyggrsd.exe
    Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\ysvnxxgm.dll
    Adware:Adware/TTC Not disinfected C:\WINDOWS\tk58.exe
    Please help.
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, suzyqthebomb.:)

    Welcome to TSG.

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. suzyqthebomb

    suzyqthebomb Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    9
    I would appreciate any and all of your help. My son got a hold of my computer and ruined it.

    Here is my hijackthis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:06:05 PM, on 7/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\fhcgyvvA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\hwnjugks.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\System32\KDP2387.dll
    O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
    O4 - HKLM\..\Run: [fhcgyvvA] C:\WINDOWS\fhcgyvvA.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hetddpwn.dll",realset
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\ebmmC03.htm (file missing) (HKCU)
    O15 - Trusted Zone: www.getoffutt.com
    O15 - Trusted Zone: www.hernandomls.com
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...rx.net/360views/Yaris_Exterior_360/index.html
    O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://mfr.mlxchange.com/Control/FileCruiser.cab
    O16 - DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} (osi_valid.uCltValid10) - http://www.hernandomls.com/her/valid/osi_valid9j.ocx
    O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://mfr.mlxchange.com/Control/Specfile.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://mfr.mlxchange.com/Control/LiteGrid.cab
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://66.15.127.224/msrdp.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fhcgyvv.exe (file missing)
    O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsydy.html
    O24 - Desktop Component 1: (no name) - http://www.fedecousa.com/resources/_wsb_logo.GIF

    --
    End of file - 6699 bytes
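The HijackThis log above is the format the helpers read by eye. The following Python is an added example, not part of this thread or of HijackThis itself: it parses entries in that format and flags the ones a removal helper would review first (random-named autostart binaries, services pointing at missing files, Trusted Zone additions, ActiveX downloads from bare IPs). The sample lines are constructed from the kinds of entries seen in this thread, and the random-name heuristic is an assumption of this example, not HijackThis logic.

```python
import re
from ipaddress import ip_address

# Constructed sample in HijackThis v2 log format, modelled on the kinds of
# entries that appear in this thread (not the poster's complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hetddpwn.dll",realset
O4 - HKLM\..\Run: [fhcgyvvA] C:\WINDOWS\fhcgyvvA.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O15 - Trusted Zone: www.getoffutt.com
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://66.15.127.224/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fhcgyvv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"""

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# Basenames of .exe/.dll files mentioned anywhere in an entry body.
BINARY_RE = re.compile(r"([A-Za-z0-9_~-]+)\.(?:exe|dll)\b", re.I)
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)
VOWELS = set("aeiou")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs, ignoring the
    header and the 'Running processes' block, which are not entries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def looks_random(filename):
    """Heuristic assumed by this example (not HijackThis logic): the Vundo-era
    droppers in this thread use 8-letter, vowel-poor names such as
    hetddpwn.dll or sahesqxr.dll, whereas system binaries such as
    explorer.exe or services.exe carry three or more vowels."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    return sum(ch in VOWELS for ch in stem.lower()) <= 2


def is_bare_ip(host):
    """True when a URL host is a literal IPv4 address rather than a hostname."""
    try:
        ip_address(host.split(":")[0])
        return True
    except ValueError:
        return False


def triage(text):
    """Return (section, reason, body) for entries a removal helper would look
    at first. O9 'file missing' leftovers are deliberately not flagged: an
    orphaned toolbar button is inert, unlike an orphaned Run key or service."""
    findings = []
    for section, body in parse_hjt(text):
        reasons = []
        names = BINARY_RE.findall(body)
        if section in ("O4", "O23") and any(looks_random(n) for n in names):
            reasons.append("autostart/service binary with random-looking 8-letter name")
        if section in ("O4", "O23") and "(file missing)" in body:
            reasons.append("autostart/service points at a file that no longer exists")
        if section == "O15":
            reasons.append("site placed in IE Trusted Zone (weaker security settings)")
        if section == "O16":
            m = URL_HOST_RE.search(body)
            if m and is_bare_ip(m.group(1)):
                reasons.append("ActiveX control downloaded from a bare IP address")
        for reason in reasons:
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Run against the real log, the same rules would single out the [GPLv3] and [fhcgyvvA] Run entries, the two "Unknown owner" services with missing files, both Trusted Zone sites and the RDP control fetched from 66.15.127.224, which is the set JSntgRvr's later instructions address.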
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  5. suzyqthebomb

    suzyqthebomb Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    9
    Yes, it is.
     
  6. suzyqthebomb

    suzyqthebomb Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    9
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:11:27 PM, on 7/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\System32\KDP2387.dll
    O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\sahesqxr.dll",realset
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O15 - Trusted Zone: www.hernandomls.com
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...rx.net/360views/Yaris_Exterior_360/index.html
    O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://mfr.mlxchange.com/Control/FileCruiser.cab
    O16 - DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} (osi_valid.uCltValid10) - http://www.hernandomls.com/her/valid/osi_valid9j.ocx
    O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://mfr.mlxchange.com/Control/Specfile.cab
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://mfr.mlxchange.com/Control/LiteGrid.cab
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://66.15.127.224/msrdp.cab
    O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 4767 bytes
     
  7. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, suzyqthebomb. :)

    RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop. Once downloaded, RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)

    Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

    Your Java seems to be out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use in 9x or ME and probably will not install on those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
    Please download VundoFix.exe to your desktop.

    Note: In the event you already have Vundofix, this is a new version that I need you to download.
    • Double-click VundoFix.exe to run it.
    • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    • When VundoFix re-opens, click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt in your next reply.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Download ComboFix from Here or Here to your Desktop.

    Note: In the event you already have Combofix, this is a new version that I need you to download.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Download Superantispyware (SAS)
    1. Install it and double-click the icon on your desktop to run it.
    2. It will ask if you want to update the program definitions, click Yes.
    3. Under Configuration and Preferences, click the Preferences button.
    4. Click the Scanning Control tab.
    5. Under Scanner Options make sure the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining.
      • Please leave the others unchecked.
      • Click the Close button to leave the control center screen.
    6. On the main screen, under Scan for Harmful Software click Scan your computer.
    7. On the left check C:\Fixed Drive.
    8. On the right, under Complete Scan, choose Perform Complete Scan.
    9. Click Next to start the scan. Please be patient while it scans your computer.
    10. After the scan is complete a summary box will appear. Click OK.
    11. Make sure everything in the white box has a check next to it, then click Next.
    12. It will quarantine what it found and if it asks if you want to reboot, click Yes.
    13. To retrieve the removal information, please do the following:
      • After reboot, double-click the SUPERAntispyware icon on your desktop.
      • Click Preferences. Click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • It will open in your default text editor (such as Notepad/Wordpad).
      • Please highlight everything in the notepad, then right-click and choose copy.
    14. Click close and close again to exit the program.
    15. Please paste that information in your next reply along with a fresh HijackThis log.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    OK, I've merged the two threads. Please continue to reply to this thread.

    Follow the instructions given by JSntgRvr and post the requested information.
     
  9. suzyqthebomb

    suzyqthebomb Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    9
    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.4.2.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Scan started at 3:41:52 PM 7/16/2007

    Listing files found while scanning....

    C:\windows\system32\bedgh.bak1
    C:\WINDOWS\system32\bedgh.bak2
    C:\WINDOWS\system32\bedgh.ini
    C:\windows\system32\bqyjtovm.dll
    C:\windows\system32\cnvokrbv.exe
    C:\windows\system32\ejryesbg.dll
    C:\windows\system32\gbseyrje.ini
    C:\windows\system32\gebaabc.dll
    C:\windows\system32\gxbuwiii.exe
    C:\WINDOWS\system32\hdfaqwrn.dll
    C:\WINDOWS\system32\hgdeb.dll
    C:\windows\system32\idupbtjl.exe
    C:\windows\system32\ilqeoljr.dll
    C:\windows\system32\iwqgadae.dll
    C:\windows\system32\jxqjnvsa.dll
    C:\windows\system32\kajmvytj.dll
    C:\WINDOWS\system32\khfdeee.dll
    C:\windows\system32\kqamrcmk.dll
    C:\WINDOWS\system32\nrwqafdh.ini
    C:\windows\system32\oeevvxgg.exe
    C:\windows\system32\rjloeqli.ini
    C:\windows\system32\rxivncjq.dll
    C:\windows\system32\uqpqfqch.exe
    C:\windows\system32\wfspbvlf.dll
    C:\windows\system32\wgtexwqm.exe

    Beginning removal...

    Attempting to delete C:\windows\system32\bedgh.bak1
    C:\windows\system32\bedgh.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bedgh.bak2
    C:\WINDOWS\system32\bedgh.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bedgh.ini
    C:\WINDOWS\system32\bedgh.ini Has been deleted!

    Attempting to delete C:\windows\system32\bqyjtovm.dll
    C:\windows\system32\bqyjtovm.dll Has been deleted!

    Attempting to delete C:\windows\system32\cnvokrbv.exe
    C:\windows\system32\cnvokrbv.exe Could not be deleted.

    Attempting to delete C:\windows\system32\ejryesbg.dll
    C:\windows\system32\ejryesbg.dll Could not be deleted.

    Attempting to delete C:\windows\system32\gbseyrje.ini
    C:\windows\system32\gbseyrje.ini Has been deleted!

    Attempting to delete C:\windows\system32\gebaabc.dll
    C:\windows\system32\gebaabc.dll Has been deleted!

    Attempting to delete C:\windows\system32\gxbuwiii.exe
    C:\windows\system32\gxbuwiii.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hdfaqwrn.dll
    C:\WINDOWS\system32\hdfaqwrn.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\hgdeb.dll
    C:\WINDOWS\system32\hgdeb.dll Could not be deleted.

    Attempting to delete C:\windows\system32\idupbtjl.exe
    C:\windows\system32\idupbtjl.exe Has been deleted!

    Attempting to delete C:\windows\system32\ilqeoljr.dll
    C:\windows\system32\ilqeoljr.dll Has been deleted!

    Attempting to delete C:\windows\system32\iwqgadae.dll
    C:\windows\system32\iwqgadae.dll Has been deleted!

    Attempting to delete C:\windows\system32\jxqjnvsa.dll
    C:\windows\system32\jxqjnvsa.dll Has been deleted!

    Attempting to delete C:\windows\system32\kajmvytj.dll
    C:\windows\system32\kajmvytj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfdeee.dll
    C:\WINDOWS\system32\khfdeee.dll Could not be deleted.

    Attempting to delete C:\windows\system32\kqamrcmk.dll
    C:\windows\system32\kqamrcmk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nrwqafdh.ini
    C:\WINDOWS\system32\nrwqafdh.ini Has been deleted!

    Attempting to delete C:\windows\system32\oeevvxgg.exe
    C:\windows\system32\oeevvxgg.exe Has been deleted!

    Attempting to delete C:\windows\system32\rjloeqli.ini
    C:\windows\system32\rjloeqli.ini Has been deleted!

    Attempting to delete C:\windows\system32\rxivncjq.dll
    C:\windows\system32\rxivncjq.dll Has been deleted!

    Attempting to delete C:\windows\system32\uqpqfqch.exe
    C:\windows\system32\uqpqfqch.exe Has been deleted!

    Attempting to delete C:\windows\system32\wfspbvlf.dll
    C:\windows\system32\wfspbvlf.dll Has been deleted!

    Attempting to delete C:\windows\system32\wgtexwqm.exe
    C:\windows\system32\wgtexwqm.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\bedgh.ini
    C:\WINDOWS\system32\bedgh.ini Has been deleted!

    Attempting to delete C:\windows\system32\cnvokrbv.exe
    C:\windows\system32\cnvokrbv.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hdfaqwrn.dll
    C:\WINDOWS\system32\hdfaqwrn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hgdeb.dll
    C:\WINDOWS\system32\hgdeb.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\khfdeee.dll
    C:\WINDOWS\system32\khfdeee.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.4.2.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Scan started at 5:39:02 PM 7/23/2007

    Listing files found while scanning....

    C:\windows\system32\abvsktrm.dll
    C:\windows\system32\aqwpmtja.dll
    C:\windows\system32\awtcpttn.ini
    C:\WINDOWS\system32\bedgh.bak2
    C:\WINDOWS\system32\bedgh.ini
    C:\WINDOWS\system32\bedgh.ini2
    C:\WINDOWS\system32\bedgh.tmp
    C:\windows\system32\bvokwiqa.dll
    C:\windows\system32\cjkftuvg.dll
    C:\windows\system32\ddcxxhvf.dll
    C:\windows\system32\dllolnbh.exe
    C:\windows\system32\ejpjogkv.exe
    C:\windows\system32\evrgshwb.exe
    C:\windows\system32\fderymxq.dll
    C:\windows\system32\fiwslsif.dll
    C:\windows\system32\fwbsfpjg.exe
    C:\windows\system32\gamojknx.exe
    C:\windows\system32\giqatbek.exe
    C:\windows\system32\harvegkn.dll
    C:\WINDOWS\system32\hgdeb.dll
    C:\windows\system32\hmxjalfq.dll
    C:\windows\system32\hplscgha.dll
    C:\windows\system32\hwnjugks.exe
    C:\WINDOWS\system32\jdygiuyu.dll
    C:\windows\system32\jqieqbdr.dll
    C:\windows\system32\jsjhtdtn.ini
    C:\WINDOWS\system32\khfdeee.dll
    C:\windows\system32\kltdnouv.dll
    C:\windows\system32\klvetkeg.dll
    C:\windows\system32\krongucs.exe
    C:\windows\system32\ksvmbytc.exe
    C:\windows\system32\lfoivgsj.exe
    C:\windows\system32\lgxiixxw.exe
    C:\windows\system32\lhhnremi.exe
    C:\windows\system32\mgsndbpt.ini
    C:\windows\system32\mqadulef.dll
    C:\windows\system32\mycncdkh.dll
    C:\windows\system32\nevhfshq.exe
    C:\windows\system32\noplgisu.dll
    C:\windows\system32\ntdthjsj.dll
    C:\windows\system32\nttpctwa.dll
    C:\windows\system32\ocqyojac.exe
    C:\windows\system32\oouunkdw.ini
    C:\windows\system32\oqtdabho.dll
    C:\windows\system32\oxgtsgpf.dll
    C:\windows\system32\pcdvvbal.exe
    C:\windows\system32\pjwfakxb.dll
    C:\windows\system32\pmtjxlym.exe
    C:\windows\system32\qmpiybud.dll
    C:\windows\system32\rxqsehas.ini
    C:\windows\system32\sahesqxr.dll
    C:\windows\system32\syuvonsk.exe
    C:\windows\system32\tfvugxqw.ini
    C:\windows\system32\tkwchvxa.exe
    C:\windows\system32\toegkyfk.dll
    C:\windows\system32\tpbdnsgm.dll
    C:\windows\system32\tyiluold.dll
    C:\windows\system32\ugyngxag.dll
    C:\windows\system32\uwyuegsp.dll
    C:\windows\system32\uyuigydj.ini
    C:\windows\system32\vdulycst.exe
    C:\windows\system32\vhnaccgm.dll
    C:\windows\system32\vjaalcvk.exe
    C:\windows\system32\vpagndlg.exe
    C:\windows\system32\vuondtlk.ini
    C:\windows\system32\wdknuuoo.dll
    C:\windows\system32\whgrwrhu.dll
    C:\windows\system32\wqxguvft.dll
    C:\windows\system32\wywqtkhj.dll
    C:\windows\system32\xexojewa.exe
    C:\windows\system32\xhiowyla.exe
    C:\windows\system32\xjtmgqhc.exe
    C:\windows\system32\yypimqui.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\abvsktrm.dll
    C:\windows\system32\abvsktrm.dll Has been deleted!

    Attempting to delete C:\windows\system32\aqwpmtja.dll
    C:\windows\system32\aqwpmtja.dll Has been deleted!

    Attempting to delete C:\windows\system32\awtcpttn.ini
    C:\windows\system32\awtcpttn.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bedgh.bak2
    C:\WINDOWS\system32\bedgh.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bedgh.ini
    C:\WINDOWS\system32\bedgh.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bedgh.ini2
    C:\WINDOWS\system32\bedgh.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bedgh.tmp
    C:\WINDOWS\system32\bedgh.tmp Has been deleted!

    Attempting to delete C:\windows\system32\bvokwiqa.dll
    C:\windows\system32\bvokwiqa.dll Has been deleted!

    Attempting to delete C:\windows\system32\cjkftuvg.dll
    C:\windows\system32\cjkftuvg.dll Has been deleted!

    Attempting to delete C:\windows\system32\ddcxxhvf.dll
    C:\windows\system32\ddcxxhvf.dll Has been deleted!

    Attempting to delete C:\windows\system32\dllolnbh.exe
    C:\windows\system32\dllolnbh.exe Has been deleted!

    Attempting to delete C:\windows\system32\ejpjogkv.exe
    C:\windows\system32\ejpjogkv.exe Has been deleted!

    Attempting to delete C:\windows\system32\evrgshwb.exe
    C:\windows\system32\evrgshwb.exe Has been deleted!

    Attempting to delete C:\windows\system32\fderymxq.dll
    C:\windows\system32\fderymxq.dll Has been deleted!

    Attempting to delete C:\windows\system32\fiwslsif.dll
    C:\windows\system32\fiwslsif.dll Has been deleted!

    Attempting to delete C:\windows\system32\fwbsfpjg.exe
    C:\windows\system32\fwbsfpjg.exe Has been deleted!

    Attempting to delete C:\windows\system32\gamojknx.exe
    C:\windows\system32\gamojknx.exe Has been deleted!

    Attempting to delete C:\windows\system32\giqatbek.exe
    C:\windows\system32\giqatbek.exe Has been deleted!

    Attempting to delete C:\windows\system32\harvegkn.dll
    C:\windows\system32\harvegkn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hgdeb.dll
    C:\WINDOWS\system32\hgdeb.dll Could not be deleted.

    Attempting to delete C:\windows\system32\hmxjalfq.dll
    C:\windows\system32\hmxjalfq.dll Has been deleted!

    Attempting to delete C:\windows\system32\hplscgha.dll
    C:\windows\system32\hplscgha.dll Has been deleted!

    Attempting to delete C:\windows\system32\hwnjugks.exe
    C:\windows\system32\hwnjugks.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jdygiuyu.dll
    C:\WINDOWS\system32\jdygiuyu.dll Could not be deleted.

    Attempting to delete C:\windows\system32\jqieqbdr.dll
    C:\windows\system32\jqieqbdr.dll Has been deleted!

    Attempting to delete C:\windows\system32\jsjhtdtn.ini
    C:\windows\system32\jsjhtdtn.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfdeee.dll
    C:\WINDOWS\system32\khfdeee.dll Could not be deleted.

    Attempting to delete C:\windows\system32\kltdnouv.dll
    C:\windows\system32\kltdnouv.dll Has been deleted!

    Attempting to delete C:\windows\system32\klvetkeg.dll
    C:\windows\system32\klvetkeg.dll Has been deleted!

    Attempting to delete C:\windows\system32\krongucs.exe
    C:\windows\system32\krongucs.exe Has been deleted!

    Attempting to delete C:\windows\system32\ksvmbytc.exe
    C:\windows\system32\ksvmbytc.exe Has been deleted!

    Attempting to delete C:\windows\system32\lfoivgsj.exe
    C:\windows\system32\lfoivgsj.exe Has been deleted!

    Attempting to delete C:\windows\system32\lgxiixxw.exe
    C:\windows\system32\lgxiixxw.exe Has been deleted!

    Attempting to delete C:\windows\system32\lhhnremi.exe
    C:\windows\system32\lhhnremi.exe Has been deleted!

    Attempting to delete C:\windows\system32\mgsndbpt.ini
    C:\windows\system32\mgsndbpt.ini Has been deleted!

    Attempting to delete C:\windows\system32\mqadulef.dll
    C:\windows\system32\mqadulef.dll Has been deleted!

    Attempting to delete C:\windows\system32\mycncdkh.dll
    C:\windows\system32\mycncdkh.dll Has been deleted!

    Attempting to delete C:\windows\system32\nevhfshq.exe
    C:\windows\system32\nevhfshq.exe Has been deleted!

    Attempting to delete C:\windows\system32\noplgisu.dll
    C:\windows\system32\noplgisu.dll Has been deleted!

    Attempting to delete C:\windows\system32\ntdthjsj.dll
    C:\windows\system32\ntdthjsj.dll Has been deleted!

    Attempting to delete C:\windows\system32\nttpctwa.dll
    C:\windows\system32\nttpctwa.dll Has been deleted!

    Attempting to delete C:\windows\system32\ocqyojac.exe
    C:\windows\system32\ocqyojac.exe Has been deleted!

    Attempting to delete C:\windows\system32\oouunkdw.ini
    C:\windows\system32\oouunkdw.ini Has been deleted!

    Attempting to delete C:\windows\system32\oqtdabho.dll
    C:\windows\system32\oqtdabho.dll Has been deleted!

    Attempting to delete C:\windows\system32\oxgtsgpf.dll
    C:\windows\system32\oxgtsgpf.dll Has been deleted!

    Attempting to delete C:\windows\system32\pcdvvbal.exe
    C:\windows\system32\pcdvvbal.exe Has been deleted!

    Attempting to delete C:\windows\system32\pjwfakxb.dll
    C:\windows\system32\pjwfakxb.dll Has been deleted!

    Attempting to delete C:\windows\system32\pmtjxlym.exe
    C:\windows\system32\pmtjxlym.exe Has been deleted!

    Attempting to delete C:\windows\system32\qmpiybud.dll
    C:\windows\system32\qmpiybud.dll Has been deleted!

    Attempting to delete C:\windows\system32\rxqsehas.ini
    C:\windows\system32\rxqsehas.ini Has been deleted!

    Attempting to delete C:\windows\system32\sahesqxr.dll
    C:\windows\system32\sahesqxr.dll Could not be deleted.

    Attempting to delete C:\windows\system32\syuvonsk.exe
    C:\windows\system32\syuvonsk.exe Has been deleted!

    Attempting to delete C:\windows\system32\tfvugxqw.ini
    C:\windows\system32\tfvugxqw.ini Has been deleted!

    Attempting to delete C:\windows\system32\tkwchvxa.exe
    C:\windows\system32\tkwchvxa.exe Has been deleted!

    Attempting to delete C:\windows\system32\toegkyfk.dll
    C:\windows\system32\toegkyfk.dll Has been deleted!

    Attempting to delete C:\windows\system32\tpbdnsgm.dll
    C:\windows\system32\tpbdnsgm.dll Has been deleted!

    Attempting to delete C:\windows\system32\tyiluold.dll
    C:\windows\system32\tyiluold.dll Has been deleted!

    Attempting to delete C:\windows\system32\ugyngxag.dll
    C:\windows\system32\ugyngxag.dll Could not be deleted.

    Attempting to delete C:\windows\system32\uwyuegsp.dll
    C:\windows\system32\uwyuegsp.dll Has been deleted!

    Attempting to delete C:\windows\system32\uyuigydj.ini
    C:\windows\system32\uyuigydj.ini Has been deleted!

    Attempting to delete C:\windows\system32\vdulycst.exe
    C:\windows\system32\vdulycst.exe Has been deleted!

    Attempting to delete C:\windows\system32\vhnaccgm.dll
    C:\windows\system32\vhnaccgm.dll Has been deleted!

    Attempting to delete C:\windows\system32\vjaalcvk.exe
    C:\windows\system32\vjaalcvk.exe Has been deleted!

    Attempting to delete C:\windows\system32\vpagndlg.exe
    C:\windows\system32\vpagndlg.exe Has been deleted!

    Attempting to delete C:\windows\system32\vuondtlk.ini
    C:\windows\system32\vuondtlk.ini Has been deleted!

    Attempting to delete C:\windows\system32\wdknuuoo.dll
    C:\windows\system32\wdknuuoo.dll Has been deleted!

    Attempting to delete C:\windows\system32\whgrwrhu.dll
    C:\windows\system32\whgrwrhu.dll Has been deleted!

    Attempting to delete C:\windows\system32\wqxguvft.dll
    C:\windows\system32\wqxguvft.dll Has been deleted!

    Attempting to delete C:\windows\system32\wywqtkhj.dll
    C:\windows\system32\wywqtkhj.dll Has been deleted!

    Attempting to delete C:\windows\system32\xexojewa.exe
    C:\windows\system32\xexojewa.exe Could not be deleted.

    Attempting to delete C:\windows\system32\xhiowyla.exe
    C:\windows\system32\xhiowyla.exe Has been deleted!

    Attempting to delete C:\windows\system32\xjtmgqhc.exe
    C:\windows\system32\xjtmgqhc.exe Has been deleted!

    Attempting to delete C:\windows\system32\yypimqui.dll
    C:\windows\system32\yypimqui.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\bedgh.ini
    C:\WINDOWS\system32\bedgh.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bedgh.ini2
    C:\WINDOWS\system32\bedgh.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hgdeb.dll
    C:\WINDOWS\system32\hgdeb.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jdygiuyu.dll
    C:\WINDOWS\system32\jdygiuyu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfdeee.dll
    C:\WINDOWS\system32\khfdeee.dll Could not be deleted.

    Attempting to delete C:\windows\system32\ugyngxag.dll
    C:\windows\system32\ugyngxag.dll Has been deleted!

    Attempting to delete C:\windows\system32\xexojewa.exe
    C:\windows\system32\xexojewa.exe Has been deleted!

    Performing Repairs to the registry.
    Done!
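Two things are worth pulling out of a VundoFix log like the one above. First, which files were still locked when the pass ended (the "Could not be deleted." lines): those are the DLLs still loaded into a running process, which is why the tool gets run again after a reboot and why some names reappear in the next "Beginning removal..." block. Second, the naming pattern in the listing: every .ini stem is the reverse of a .dll stem (bedgh.ini beside hgdeb.dll, rxqsehas.ini beside sahesqxr.dll, uyuigydj.ini beside jdygiuyu.dll, and so on), which is a quick way to spot the rest of a family once one member is known. The script below is an added example, not part of the original post and not VundoFix code; it parses a constructed excerpt built from file names quoted in the log and reports both. It assumes paths without spaces, which holds for the system32 names here.

```python
"""Summarise a VundoFix removal log: what was deleted, what stayed locked,
and which file names in the listing are mirror images of each other.

Added example, not part of the forum post or of VundoFix itself.  SAMPLE_LOG
is a constructed excerpt that reuses file names quoted in the thread.
"""
import re

SAMPLE_LOG = r"""
VundoFix V6.5.6

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Listing files found while scanning....

C:\WINDOWS\system32\bedgh.bak2
C:\WINDOWS\system32\bedgh.ini
C:\WINDOWS\system32\hgdeb.dll
C:\WINDOWS\system32\jdygiuyu.dll
C:\WINDOWS\system32\khfdeee.dll
C:\windows\system32\rxqsehas.ini
C:\windows\system32\sahesqxr.dll
C:\windows\system32\uyuigydj.ini
C:\windows\system32\xexojewa.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bedgh.ini
C:\WINDOWS\system32\bedgh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgdeb.dll
C:\WINDOWS\system32\hgdeb.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jdygiuyu.dll
C:\WINDOWS\system32\jdygiuyu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfdeee.dll
C:\WINDOWS\system32\khfdeee.dll Could not be deleted.

Attempting to delete C:\windows\system32\sahesqxr.dll
C:\windows\system32\sahesqxr.dll Could not be deleted.

Attempting to delete C:\windows\system32\xexojewa.exe
C:\windows\system32\xexojewa.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jdygiuyu.dll
C:\WINDOWS\system32\jdygiuyu.dll Has been deleted!

Attempting to delete C:\windows\system32\xexojewa.exe
C:\windows\system32\xexojewa.exe Has been deleted!

Performing Repairs to the registry.
Done!
"""

# Result line: "<path> Has been deleted!" or "<path> Could not be deleted."
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+) (?P<result>Has been deleted!|Could not be deleted\.)$"
)
# Bare path line from the "Listing files found while scanning" section.
LISTED_RE = re.compile(r"^[A-Za-z]:\\\S+$")


def parse_vundofix_log(text):
    """Return {'listed': [...], 'deleted': set, 'locked': set, 'java': [...]}.

    A path lands in 'locked' only if its LAST recorded attempt failed, so a
    file removed on a later pass (jdygiuyu.dll above) is not reported as
    still present.  Paths are lower-cased because the log mixes WINDOWS and
    windows for the same directory."""
    listed, java, last = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT_RE.match(line)
        if m:
            last[m.group("path").lower()] = m.group("result").startswith("Has")
            continue
        if LISTED_RE.match(line):
            listed.append(line)
            continue
        if line.startswith("Java version is "):
            java.append(line.split()[-1])
    deleted = {p for p, ok in last.items() if ok}
    locked = {p for p, ok in last.items() if not ok}
    return {"listed": listed, "deleted": deleted, "locked": locked, "java": java}


def reversed_name_pairs(paths):
    """Return sorted (stem, reversed_stem) pairs where both stems occur in
    the listing, e.g. ('bedgh', 'hgdeb').  Extension is ignored, so
    bedgh.ini and bedgh.bak2 both count as stem 'bedgh'."""
    stems = set()
    for p in paths:
        filename = p.rsplit("\\", 1)[-1]
        stems.add(filename.rsplit(".", 1)[0].lower())
    pairs = set()
    for stem in stems:
        mirror = stem[::-1]
        if mirror in stems and stem < mirror:  # stem < mirror drops duplicates and palindromes
            pairs.add((stem, mirror))
    return sorted(pairs)


if __name__ == "__main__":
    s = parse_vundofix_log(SAMPLE_LOG)
    print("old JREs reported:", s["java"])
    print("still locked after last pass:", sorted(s["locked"]))
    print("mirror-image stems:", reversed_name_pairs(s["listed"]))
```

Anything left in the locked set after the final pass is what still has to be dealt with from a reboot or from a tool that can schedule a delete before the DLL loads; on the log above that is hgdeb.dll, khfdeee.dll and sahesqxr.dll, which is exactly the set ComboFix then lists in its V Log.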
     
  10. suzyqthebomb

    suzyqthebomb Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    9
    "USER" - 2007-07-23 18:16:08 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\gebcy.dll
    C:\WINDOWS\system32\ndyrpdew.exe
    C:\WINDOWS\system32\ycbeg.ini
    C:\WINDOWS\system32\bedgh.ini
    C:\WINDOWS\system32\hgdeb.dll
    C:\WINDOWS\system32\khfdeee.dll
    C:\WINDOWS\system32\khfdeee.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Messenger\lavupa.dll
    C:\Program Files\smbols~1
    C:\temp\tn3
    C:\WINDOWS\b122.exe
    C:\WINDOWS\NDNuninstall6_30.exe
    C:\WINDOWS\retadpu2000219.exe
    C:\WINDOWS\system32\adoijylk.exe
    C:\WINDOWS\system32\anusjlaq.exe
    C:\WINDOWS\system32\autalwln.exe
    C:\WINDOWS\system32\axnxanbk.exe
    C:\WINDOWS\system32\aycrajbl.exe
    C:\WINDOWS\system32\B0
    C:\WINDOWS\system32\B0\mwspasrt83122.exe
    C:\WINDOWS\system32\b02FdUe
    C:\WINDOWS\system32\B1
    C:\WINDOWS\system32\B2
    C:\WINDOWS\system32\B3
    C:\WINDOWS\system32\B4
    C:\WINDOWS\system32\B4\bw73.exe
    C:\WINDOWS\system32\B5
    C:\WINDOWS\system32\cpfcncex.exe
    C:\WINDOWS\system32\dmnmacgy.exe
    C:\WINDOWS\system32\driver
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys
    C:\WINDOWS\system32\drxinlny.exe
    C:\WINDOWS\system32\ejaijpar.exe
    C:\WINDOWS\system32\fcygvoxp.exe
    C:\WINDOWS\system32\fywlrbcp.exe
    C:\WINDOWS\system32\imsrsjcf.exe
    C:\WINDOWS\system32\iouqfjjt.exe
    C:\WINDOWS\system32\iugaddqo.exe
    C:\WINDOWS\system32\jsxsdvom.exe
    C:\WINDOWS\system32\kjipmsrn.exe
    C:\WINDOWS\system32\lbhmaahh.exe
    C:\WINDOWS\system32\masvjusu.exe
    C:\WINDOWS\system32\mwxkutyo.exe
    C:\WINDOWS\system32\necbmfxk.exe
    C:\WINDOWS\system32\nunthelh.exe
    C:\WINDOWS\system32\oefqorpa.exe
    C:\WINDOWS\system32\pxaoqitu.exe
    C:\WINDOWS\system32\qkipakqr.exe
    C:\WINDOWS\system32\qotoioos.exe
    C:\WINDOWS\system32\qxncwyjl.exe
    C:\WINDOWS\system32\rkcqyhsw.exe
    C:\WINDOWS\system32\rssuovjh.exe
    C:\WINDOWS\system32\ttjyyjvs.exe
    C:\WINDOWS\system32\tvxonvie.exe
    C:\WINDOWS\system32\udnaertw.exe
    C:\WINDOWS\system32\ufvbitda.exe
    C:\WINDOWS\system32\uhgjwfow.exe
    C:\WINDOWS\system32\utrrkuvp.exe
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\xppjmimu.exe
    C:\WINDOWS\system32\zxdnt3d.cfg
    C:\WINDOWS\tk58.exe
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CORE
    -------\LEGACY_NET_AGENT
    -------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
    -------\core
    -------\Net Agent


    ((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


    2007-07-23 18:15 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-23 16:28 164 --a------ C:\install.dat
    2007-07-23 16:24 <DIR> d-------- C:\DOCUME~1\USER\APPLIC~1\GetRightToGo
    2007-07-19 12:43 <DIR> d-------- C:\DOCUME~1\USER\DoctorWeb
    2007-07-19 12:04 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-17 16:02 8,576 --a------ C:\WINDOWS\system32\drivers\oxjrxkrujvwl.sys
    2007-07-16 15:41 <DIR> d-------- C:\VundoFix Backups
    2007-07-12 08:29 1,056,352 -r-hs---- C:\WINDOWS\fhcgyvvA.exe
    2007-07-12 08:29 <DIR> d-------- C:\Temp\0c2
    2007-07-12 08:28 <DIR> d-------- C:\Temp\brr
    2007-06-30 20:28 <DIR> d-------- C:\WINDOWS\.jagex_cache_34
    2007-06-30 20:24 <DIR> d-------- C:\WINDOWS\.jagex_cache_32


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2010-03-11 18:27:38 -------- d-----w C:\DOCUME~1\USER\APPLIC~1\Symantec
    2007-07-23 22:20:13 -------- d-----w C:\Program Files\Messenger
    2007-07-23 20:57:58 -------- d-----w C:\Program Files\SearchAssistant3
    2007-07-19 17:34:10 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-07-17 21:08:44 -------- d-----w C:\Program Files\Microsoft AntiSpyware
    2007-06-26 17:19:20 -------- d-----w C:\DOCUME~1\USER\APPLIC~1\AdobeUM
    2007-06-25 20:38:07 -------- d-----w C:\Program Files\NoAdware5.0
    1998-12-09 02:53:54 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 02:53:54 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 02:53:54 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 02:53:54 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 02:53:54 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 02:53:54 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9C1FD9A-46B0-4185-84ED-E2F8ACD4A262}]
    C:\WINDOWS\System32\KDP2387.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-21 11:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk
    backup=C:\WINDOWS\pss\KODAK Picture Transfer Software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
    backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^TA_Start.lnk]
    path=C:\Documents and Settings\USER\Start Menu\Programs\Startup\TA_Start.lnk
    backup=C:\WINDOWS\pss\TA_Start.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^Think-Adz.lnk]
    path=C:\Documents and Settings\USER\Start Menu\Programs\Startup\Think-Adz.lnk
    backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
    C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
    "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlmMgr]
    "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
    C:\WINDOWS\system32\qwinsndt.exe SKY009

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fhcgyvvA]
    C:\WINDOWS\fhcgyvvA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Microsoft Works\WkDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
    "C:\Program Files\Microsoft Money\System\Activation.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
    "C:\Program Files\Canon\MultiPASS\MPTBox.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]
    regsvr32 /s "C:\WINDOWS\System32\sfg_5c94.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qvxly]
    "C:\Program Files\s?mbols\winspool.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
    "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smsa]
    "C:\DOCUME~1\USER\MYDOCU~1\CROSOF~1\netdde.exe" -vt yazb

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    C:\Program Files\SpyHunter\SpyHunter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    C:\Program Files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{09-92-27-7D-ZN}]
    C:\windows\system32\mrdsregj.exe SKY009

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "xmlprov"=3 (0x3)
    "wuauserv"=2 (0x2)
    "WmdmPmSN"=3 (0x3)
    "vsmon"=2 (0x2)
    "iPodService"=3 (0x3)
    "ERSvc"=2 (0x2)
    "SharedAccess"=2 (0x2)
    "wscsvc"=2 (0x2)
    "Messenger"=2 (0x2)
    "KodakCCS"=3 (0x3)
    "Dcfssvc"=2 (0x2)

    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
    R3 BCMModem;BCM V.90 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMDM.sys
    S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys
    S3 ctljystk;Creative SBLive! Gameport;C:\WINDOWS\system32\DRIVERS\ctljystk.sys
    S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
    S3 dot4;MS IEEE-1284.4 Driver;C:\WINDOWS\system32\DRIVERS\Dot4.sys
    S3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
    S3 Dot4Scan;Scan Class Driver for IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
    S3 dot4usb;Dot4USB Filter Dot4USB Filter;C:\WINDOWS\system32\DRIVERS\dot4usb.sys
    S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    Contents of the 'Scheduled Tasks' folder
    2007-07-17 01:14:00 C:\WINDOWS\tasks\Disk Cleanup.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-23 18:24:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-23 18:26:00 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-23 18:25

    --- E O F ---
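The "Reg Loading Points" section of the ComboFix log above is where the persistence shows: eight-letter executables sitting directly in C:\WINDOWS or system32 (qwinsndt.exe, fhcgyvvA.exe, mrdsregj.exe, two of them started with the same "SKY009" argument), a folder that renders as s?mbols (a "?" cannot be part of a real Windows file name, so whatever lookalike character was there did not survive the copy), netdde.exe launched out of My Documents, a regsvr32 autorun for sfg_5c94.dll, and retadpu1000106.exe fed a 78-character hex argument. The script below is an added example, not part of the original post and not ComboFix code; the heuristics are my own triage rules, and the sample text is an excerpt constructed from entries quoted in the log. It produces a review list, not a verdict.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the forum post or of ComboFix.  The rules are
deliberately simple review heuristics; SAMPLE_LOG is a constructed excerpt
of the entries quoted in the thread.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-21 11:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\qwinsndt.exe SKY009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fhcgyvvA]
C:\WINDOWS\fhcgyvvA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]
regsvr32 /s "C:\WINDOWS\System32\sfg_5c94.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qvxly]
"C:\Program Files\s?mbols\winspool.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smsa]
"C:\DOCUME~1\USER\MYDOCU~1\CROSOF~1\netdde.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{09-92-27-7D-ZN}]
C:\windows\system32\mrdsregj.exe SKY009
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Run-key style value: "name"="command" [timestamp]
RUN_VALUE_RE = re.compile(r'^"[^"]*"="(.*)"(?:\s+\[.*\])?$')
# Any drive-rooted path ending in .exe/.dll inside a command line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n,]*?\.(?:exe|dll)\b', re.I)
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
WINDIR_RE = re.compile(r"^[a-z]:\\windows(\\system32)?$")


def parse_loading_points(text):
    """Return a list of (registry_key, command) pairs from the section."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = RUN_VALUE_RE.match(line)
        entries.append((key, m.group(1) if m else line))
    return entries


def triage(entries):
    """Apply review heuristics; return a list of (key, command, reason).

    The eight-letter rule is intentionally loose and restricted to .exe
    files directly under %WINDIR% or system32 so that driver-vendor DLLs
    such as NvMcTray.dll are not swept up."""
    findings = []
    for key, command in entries:
        reasons = []
        for path in PATH_RE.findall(command):
            directory, _, filename = path.rpartition("\\")
            stem, _, ext = filename.rpartition(".")
            d = directory.lower()
            is_exe = ext.lower() == "exe"
            if is_exe and WINDIR_RE.match(d) and re.fullmatch(r"[a-z]{8}", stem, re.I):
                reasons.append("8-letter executable name directly in %WINDIR% or system32")
            if is_exe and ("\\documents and settings\\" in d or "\\docume~1\\" in d):
                reasons.append("executable launched from a user profile")
            if any(ch == "?" or ord(ch) > 126 for ch in path):
                reasons.append("non-ASCII or illegal character in path")
        if HEX_BLOB_RE.search(command):
            reasons.append("opaque hex argument")
        if command.lower().startswith("regsvr32") and "\\system32\\" in command.lower():
            reasons.append("regsvr32 autorun registering a DLL from system32")
        for reason in reasons:
            findings.append((key, command, reason))
    return findings


if __name__ == "__main__":
    for key, command, reason in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{reason:<60} {command}")
```

Run against the full log, the same rules leave the Symantec, HP, Kodak, Nero and Adobe entries alone and surface exactly the items above for review; anything the list produces still needs to be confirmed against the file on disk (or its absence, since msconfig\startupreg entries are disabled items whose target may already be gone).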
     
  11. suzyqthebomb

    suzyqthebomb Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    9
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/23/2007 at 08:33 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3272
    Trace Rules Database Version: 1283

    Scan type : Complete Scan
    Total Scan Time : 01:59:46

    Memory items scanned : 290
    Memory threats detected : 0
    Registry items scanned : 6313
    Registry threats detected : 130
    File items scanned : 71286
    File threats detected : 249

    Adware.MyWay
    HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
    HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
    HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InProcServer32
    C:\PROGRAM FILES\MYWAY\MYBAR\4.BIN\MYBAR.DLL
    HKLM\Software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
    HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
    HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
    HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32

    Adware.SafeGuardProtect

    Adware.Tracking Cookie

    Adware.k8l
    C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20070723-100154-440-SOURCE.HTML

    Trojan.ZQuest

    Trojan.Downloader-Gen/Installer
    C:\QOOBOX\QUARANTINE\C\WINDOWS\B122.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP127\A0075791.EXE

    Trojan.NewDotNet
    C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_30.EXE.VIR

    Adware.WebBuying Assistant-Installer

    Trojan.Downloader-Gen/HitItQuitIt
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KHFDEEE.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP127\A0075838.DLL
    C:\VUNDOFIX BACKUPS\KHFDEEE.DLL.BAD

    Trojan.Downloader-Gen/TStamp
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NDYRPDEW.EXE.VIR

    Trojan.ZQuest-Installer

    Adware.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0066081.CFG

    Trojan.Downloader-Gen/WinPop
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0066082.EXE

    Trojan.Downloader-WebBuying/PopEngine
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0066085.DLL

    Adware.Mirar/NetNucleus
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0066116.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP124\A0075577.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP125\A0075609.DLL

    Adware.Vundo Variant

    Trojan.Downloader-SpyTool

    Trojan.Downloader-Gen/BasicMath
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068325.EXE

    Adware.SysMon
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068326.EXE

    Trojan.Downloader-Gen/RetAd
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068327.EXE

    Trojan.Rootkit-TnCore/Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068329.EXE

    Adware.180solutions/Search Assistant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068330.EXE

    Adware.ZenoSearch
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068331.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068332.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068333.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068334.EXE

    Trojan.ZenoSearch
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP120\A0068335.EXE

    Adware.Vundo/Traff-2

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP121\A0072450.EXE

    Trojan.Downloader-VisFX
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F498BB33-617A-4944-B87D-71D448A2FD14}\RP125\A0075604.EXE
     
  12. suzyqthebomb

    suzyqthebomb Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    9
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:04:58 PM, on 7/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O15 - Trusted Zone: www.hernandomls.com
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...rx.net/360views/Yaris_Exterior_360/index.html
    O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://mfr.mlxchange.com/Control/FileCruiser.cab
    O16 - DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} (osi_valid.uCltValid10) - http://www.hernandomls.com/her/valid/osi_valid9j.ocx
    O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://mfr.mlxchange.com/Control/Specfile.cab
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://mfr.mlxchange.com/Control/LiteGrid.cab
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://66.15.127.224/msrdp.cab
    O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 4240 bytes
     
  13. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, suzyqthebomb :)

    • Copy the entire contents of the Quote Box below to Notepad.
    • Name the file as ComboFix-Do.txt
    • Change the Save as Type to All Files
    • and Save it on the desktop
    [IMG]

    Once saved, referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe, and post back the resulting report along with a HijackThis log.


    Antivirus programs play an important role in the protection of your system. Here are some options:
     
  14. suzyqthebomb

    suzyqthebomb Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    9
    Ooooops, by the time I read it I had already uninstalled everything. Sorry
     
Short URL to this thread: https://techguy.org/597572

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice